Employers are thus motivated to publish privacy disclaimers like: "This e-mail account is for official business only. No end-user expectation of privacy. End-users consent to management inspection of message contents."

Or, if space is tight: "Official business. End-users: no privacy; consent to inspection" . . . with more explanation published on the Web.

Employers have incentives to monitor computer usage, including need to deter sexual harassment/hostile work environment. As they supervise the workplace, employers don't want to be liable for invading privacy.

Officer Quon's Story

Quon was an officer with the Ontario, CA, police department. Quon knew the department's general policy prohibiting nonofficial computer communications, reserving management power to review computer activities and disclaiming employee expectation of privacy.

Click

The department issued Quon a pager enabling him to exchange text messages via a third-party service. Using the pager, he in several months exceeded his per-character quota, and he paid the extra charges. A supervisor informally told Quon the department would not review his messages so long as he paid the extra charges. Then Quon's excess usage came to the attention of the department chief. The chief asked that the service provider (equivalent to Internet Service Provider, ISP) disclose to management contents of Quon's archived messages. Viewing the police department (not Quon) as the account subscriber, the provider complied.

Quon and some of his text correspondents (plaintiffs) sued, claiming the department, a government agency, had violated their Fourth Amendment right to be free from unreasonable search.

The court ruled plaintiffs had reasonable expectations of privacy in the messages. Even though the department's formal policy disclaimed that expectation, the supervisor nullified it by saying the department would not examine the messages. [The police department appealed to the US Supreme Court. The Supreme Court ruled found a rationale for ruling in favor of the police department. But it did not dismiss the logic of the lower court that a supervisor could nullify formal department policy.]

What Should an Employer Do?

So, as a policy matter, what is an employer to do? It is hard to avoid informal statements (such as from Quon's supervisor) that are construed to invalidate formal privacy disclaimers.

Employers' logical response is to state disclaimers over . . . and over . . . and over. Repetition of disclaimers may not eliminate employer risk, but it may reduce it.

Privacy disclaimers might be published – and republished – any number of ways (the more the better), including on log-on banners, at the bottom of messages, in video reminders and in public notices on web sites. See my earlier articles about the general effectiveness of legal terms published to the world (e.g., external recipients of employee e-mails, text & audio messages) by way of the World Wide Web.

Mr Wright is a frequent public speaker at professional groups like state CPA societies and Institute of Internal Auditors. As author of technology law books such as Law of Electronic Commerce, he blogs on electronic data, records, security and social media law, and he spots trends, such as the rise of activists and whistleblowers wielding small video cameras. 2010: Russian financial authorities tapped Mr. Wright for advice on regulation and investigations in the micro-finance industry.

Mr. Wright mentors students at SMU's Lyle School of Engineering. Previously he served as chair of the Industry Advisory Committee for SMU's Electrical Engineering Department.

Mr. Wright is known for bringing attention to the power of terms, conditions, contracts, disclaimers, warnings and other notices -- like those below -- published through online media.

IMPORTANT: No public comment by Mr. Wright (blog, book, tweet, video, update, speech, article, podcast or the like) is legal or other professional advice. If you need legal advice, you should hire and consult a lawyer.

Mr. Wright's public statements are offered as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

Public Education and Discussion

Mr. Wright's blogs, tweets, videos, web comments, web courses and the like are intended to promote public education and discussion. They are not intended to advertise or solicit legal services. They constitute an online update service for the book Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is published by Wolters Kluwer.

Compliance

Mr. Wright strives to comply with all applicable laws. He does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Mr. Wright has done anything illegal or unethical, he asks that person promptly to (a) notify him at 1.214.403.6642 (b) comment publicly on his blogs or pages that he is wrong. Promptness helps mitigate damage.

Any person accessing Mr. Wright's blogs, tweets, profiles, comments, web pages or other public activities or statements agrees not to use data from them in a way that is adverse to Mr. Wright's interests.

Forming an Attorney-Client Relationship

Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly, formally agree that the relationship is being formed. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchange of private messages with Mr. Wright does not, by itself, create an attorney-client relationship.

Privacy/Security Vision

Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

IMPORTANT Confidentiality Notice

Benjamin Wright is licensed as an attorney. Some of Mr. Wright's non-public records stored in the cloud are confidential and subject to protections associated with attorney work and communications. The laws of many countries recognize such protections. Mr. Wright insists that you recognize those protections with respect to his records and communication.

Relationships

The only person responsible for Mr. Wright's words is Mr. Wright.

Mr. Wright often earns financial or other reward from those he mentions or links on blogs and social media, such as Yellow Brick, Messaging Architects/Netmail, SANS Institute, Credant Technologies, state CPA societies, Park Avenue Presentations, LabMD and others.

Attribution

Some images, sounds and font output associated with Wright's work and comments are copyrighted by Corel Corporation or its licensors or partners like iStockphoto; they reserve all their rights. Some images are declared on wikimedia to be public domain. Mr. Wright strives to respect IP rights, but sometimes technology behaves in surprising ways. If you are an IP owner and you have a problem with something published by Mr. Wright, please telephone him promptly. Trademarks are property of their respective owners.

Wright`s Public Appearances

Tip Jar

Strangest InfoSec Law Case ... Ever

Follow Me on Google+ and Access My Other Blogs

SANS Quote

Professional Education. "The best legal trainer in the country on these issues is Ben Wright." --Stephen H. Chapman, Principal and CEO, Security Advisers, LLC, and student in Mr. Wright's SANS legal training